Security Protocols With Isotropic Channels

We investigate the security properties of isotropic channels, broadcast media in which a receiver cannot reliably determine whether a message originated from any particular sender and a sender cannot reliably direct a message away from any particular receiver. We show that perfect isotropism implies perfect (information-theoretic) secrecy, and that asymptotically close to perfect secrecy can be achieved on any channel that provides some (bounded) uncertainty as to sender identity. We give isotropic security protocols under both passive and active adversary models, and discuss the practicality of realizing isotropic channels over various media

Error tolerance of two-basis quantum key-distribution protocols using qudits and two-way classical communication

We investigate the error tolerance of quantum cryptographic protocols using $d$-level systems. In particular, we focus on prepare-and-measure schemes that use two mutually unbiased bases and a key-distillation procedure with two-way classical communication. For arbitrary quantum channels, we obtain a sufficient condition for secret-key distillation which, in the case of isotropic quantum channels, yields an analytic expression for the maximally tolerable error rate of the cryptographic protocols under consideration. The difference between the tolerable error rate and its theoretical upper bound tends slowly to zero for sufficiently large dimensions of the information carriers.Comment: 10 pages, 1 figur

Security bound of two-bases quantum key-distribution protocols using qudits

We investigate the security bounds of quantum cryptographic protocols using $d$-level systems. In particular, we focus on schemes that use two mutually unbiased bases, thus extending the BB84 quantum key distribution scheme to higher dimensions. Under the assumption of general coherent attacks, we derive an analytic expression for the ultimate upper security bound of such quantum cryptography schemes. This bound is well below the predictions of optimal cloning machines. The possibility of extraction of a secret key beyond entanglement distillation is discussed. In the case of qutrits we argue that any eavesdropping strategy is equivalent to a symmetric one. For higher dimensions such an equivalence is generally no longer valid.Comment: 12 pages, 2 figures, to appear in Phys. Rev.

Fundamental limits on key rates in device-independent quantum key distribution

In this paper, we introduce intrinsic non-locality as a quantifier for Bell non-locality, and we prove that it satisfies certain desirable properties such as faithfulness, convexity, and monotonicity under local operations and shared randomness. We then prove that intrinsic non-locality is an upper bound on the secret-key-agreement capacity of any device-independent protocol conducted using a device characterized by a correlation $p$. We also prove that intrinsic steerability is an upper bound on the secret-key-agreement capacity of any semi-device-independent protocol conducted using a device characterized by an assemblage $\hat{\rho}$. We also establish the faithfulness of intrinsic steerability and intrinsic non-locality. Finally, we prove that intrinsic non-locality is bounded from above by intrinsic steerability.Comment: 44 pages, 4 figures, final version accepted for publication in New Journal of Physic

Authentication of Quantum Messages

Authentication is a well-studied area of classical cryptography: a sender S and a receiver R sharing a classical private key want to exchange a classical message with the guarantee that the message has not been modified by any third party with control of the communication line. In this paper we define and investigate the authentication of messages composed of quantum states. Assuming S and R have access to an insecure quantum channel and share a private, classical random key, we provide a non-interactive scheme that enables S both to encrypt and to authenticate (with unconditional security) an m qubit message by encoding it into m+s qubits, where the failure probability decreases exponentially in the security parameter s. The classical private key is 2m+O(s) bits. To achieve this, we give a highly efficient protocol for testing the purity of shared EPR pairs. We also show that any scheme to authenticate quantum messages must also encrypt them. (In contrast, one can authenticate a classical message while leaving it publicly readable.) This has two important consequences: On one hand, it allows us to give a lower bound of 2m key bits for authenticating m qubits, which makes our protocol asymptotically optimal. On the other hand, we use it to show that digitally signing quantum states is impossible, even with only computational security.Comment: 22 pages, LaTeX, uses amssymb, latexsym, time

Limitations on device independent secure key via squashed non-locality

We initiate a systematic study to provide upper bounds on device-independent key, secure against a non-signaling adversary (NSDI), distilled by a wide class of operations, currently used in both quantum and non-signaling device-independent protocols. These operations consist of a direct measurements on the devices followed by Local Operations and Public Communication (MDLOPC). We employ the idea of "squashing" on the secrecy monotones, which provide upper bounds on the key rate in secret key agreement (SKA) scenario, and show that squashed secrecy monotones are the upper bounds on NSDI key. As an important instance, an upper bound on NSDI key rate called "squashed non-locality", has been constructed. It exhibits several important properties, including convexity, monotonicity, additivity on tensor products, and asymptotic continuity. Using this bound, we identify numerically a domain of two binary inputs and two binary outputs non-local devices for which the squashed non-locality is zero, and therefore one can not distil key from them via MDLOPC operations. These are mixtures of Popescu-Rohrlich (PR) and anti-PR box with the weight of PR box less than $80\%$. This example confirms the intuition that non-locality need not imply secrecy in the non-signaling scenario. The approach is general, describing how to construct other tighter yet possibly less computable upper bounds. Our technique for obtaining upper bounds is based on the non-signaling analog of quantum purification: the complete extension, which yields equivalent security conditions as previously known in the literature.Comment: 12 pages and 2 figures + supplemental materia